A short, honest page for security, legal and procurement teams. Every artefact below is downloadable today; every claim points at a file you can read or a control you can exercise. No fabricated certifications, no nine-fives we can't measure, no logos we don't have. For the architectural argument and per-framework status, see the Trust Center and Compliance.
Enterprise procurement, custom MSA edits, volume-pricing requests, EU invoice billing and self-hosted licensing all route to one address. Median first response is one business day, quoted against your purchase decision date, not a marketing wishlist.
All of these are linked publicly — no NDA required for the templates. Counter-signed copies (DPA, BAA) are returned within two business days of an enterprise request.
Three shapes of the same product. Pick the one that fits your data-residency constraints and your operations team's appetite. The privacy invariant — plaintext is tokenised on the customer device before any byte leaves it — holds in all three.
Instead of adding the SDK to every app, run one central cloak-proxy on your own network — a server or container you control — and route all your apps through it (change one base_url). PII is tokenised on that proxy, inside your perimeter, before any byte leaves it; only tokens reach the CloakAPI gateway. One place to configure detectors and privacy tiers, one place to update, every app protected.
Everything below ships on every account at the same flat rates — there is no "Enterprise plan" that unlocks them. Organisations, identity, compliance automation, event streams and a partner programme are all built in and wired today.
Partner, reseller & white-label programme. Resellers, MSPs and agencies run customer sub-organisations under their own branded domain (custom CNAME + logo), with a commission ledger, settlements and tax forms handled for them. See the partner programme and the commission structure on /pricing.
Uptime numbers below are the same figures the public status page reports — no inflated "five nines" claim that we can't measure. The full SLA contract lives at /legal/sla.html; the live measurement is at status.cloakapi.io.
Live uptime is measured per-component on status.cloakapi.io; SLO definitions and the error-budget policy are documented at /legal/sla.html. We will not show "Current" on a target we don't have at least 90 days of measurement evidence for.
A short, predictable path from first contact to signed contract. Median time-to-signature for the last few enterprise deals has been three to six weeks, gated almost entirely on your security review.
Email enterprise@cloakapi.io with a one-line description of your use case and rough volume (requests/month or seats). You'll get a custom quote within two business days. List pricing — three flat rates, no plan tiers — is on /pricing.
Custom MSA available; redlines welcome. DPA counter-signed within two business days of an enterprise request. Order forms are short — one schedule per environment, one per region.
Bank transfer and invoice billing in USD for annual orders above $25,000. Card and Stripe-tokenised payment for smaller commitments. Net-30 standard; net-60 on enterprise terms.
CAIQ-lite, SIG-lite, custom questionnaires, audit-letter requests and architecture reviews all go through trust@. Median turnaround on a completed CAIQ: three business days.
Most enterprise vendors hand you a marketing PDF. CloakAPI hands you a verifier. Every gateway response carries a cryptographic receipt your auditor can check offline, and every tenant has an append-only transparency feed that proves we never silently rotated a signing key or shadow-swapped routing policy.
OpenReceipt: ECDSA P-256 signed, canonical-hash chained. The independent verifier at signedreceipts.org/verifier requires no CloakAPI account and never sends the receipt back to us.
Append-only JSONL feed of cryptographic seeds, signed under the same P-256 keys as receipts. Lets any auditor confirm the signing-key history is monotonic and the routing policy you signed up for is the routing policy you got.
GET https://api.cloakapi.io/v1/transparency/seeds.jsonl